i

2025-11-03 16:48:18 +08:00
parent ef49aadf0c
commit 725c7f2275
2 changed files with 22 additions and 45 deletions
--- a/bird/net/dn42.conf
+++ b/bird/net/dn42.conf
@@ -7,7 +7,13 @@ template bgp dn42_bgp_up {
          if dn42_is_valid_network() && !dn42_is_self_net() then accept;
          reject;
        };
-        export filter { if dn42_is_valid_network() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+        export filter { 
+            if !dn42_is_valid_network() then reject; 
+            if source !~ [RTS_STATIC, RTS_BGP] then reject;
+            if bgp_large_community !~ [(DN42_ASN, 200,0)] then reject;      
+            bgp_large_community.empty;  
+            accept;
+        };
        import limit 9000 action block; 
    };
    ipv6 {
@@ -16,50 +22,15 @@ template bgp dn42_bgp_up {
          if dn42_is_valid_network_v6() && !dn42_is_self_net_v6() then accept;
          reject;
        };
-        export filter { if dn42_is_valid_network_v6() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+        export filter { 
+            if !dn42_is_valid_network_v6() then reject; 
+            if source !~ [RTS_STATIC, RTS_BGP] then reject;
+            if bgp_large_community !~ [(DN42_ASN, 200,0)] then reject;      
+            bgp_large_community.empty;  
+            accept;
+        };
        import limit 9000 action block; 
    };
 }

-template bgp dn42_ibgp {
-    graceful restart;
-    local as DN42_ASN;
-    med metric;
-    direct;
-    ipv4 {
-        table dn42v4;
-        next hop self;
-        gateway direct;
-        import filter { 
-            if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
-            if !dn42_is_valid_network() then reject;
-            if dn42_is_self_net() then reject;
-            accept; 
-        };
-        export filter { 
-            if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
-            if !dn42_is_valid_network() then reject;
-            if dn42_is_self_net() then reject;
-            accept;
-            };
-    };
-    ipv6 {
-        table dn42v6;
-        next hop self;
-        gateway direct;
-        import filter { 
-            if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
-            if !dn42_is_valid_network_v6() then reject;
-            if dn42_is_self_net_v6() then reject;
-            accept; 
-        };
-        export filter { 
-            if bgp_large_community ~ [(DN42_ASN, 1,*)] then reject;
-            if !dn42_is_valid_network_v6() then reject;
-            if dn42_is_self_net_v6() then reject;
-            accept;
-            };
-    };
-}
-
 include "/etc/bird/peers/dn42/*.conf";
--- a/bird/net/unet.conf
+++ b/bird/net/unet.conf
@@ -1,4 +1,4 @@
-template bgp unet_bgp_up2 {
+template bgp unet_bgp_up1 {
    graceful restart;
    local as UNET_ASN;
    ipv4 {
@@ -7,7 +7,13 @@ template bgp unet_bgp_up2 {
          if unet_is_valid_network_v4() && !unet_is_self_net() then accept;
          reject;
        };
-        export filter { if unet_is_valid_network_v4() && source ~ [RTS_STATIC, RTS_BGP] then accept; else reject; };
+        export filter { 
+            if !unet_is_valid_network_v4() then reject; 
+            if source !~ [RTS_STATIC, RTS_BGP] then reject;
+            if bgp_large_community !~ [(UNET_ASN, 200,0)] then reject;      
+            bgp_large_community.empty;  
+            accept;
+        };
        import limit 9000 action block; 
    };
 }